adi003user Posted January 6, 2011 Report Share Posted January 6, 2011 If you’ve got arbitrary file uploads to a J2EE web accessible directory, you need something to maximize your compromise. The world needs a JSP shell that really helps a blackbox attacker pivot to important assets, so I took a stab at it. It’s called quite lamely called pwnshell. It’s a single JSP that, when browsed to, delivers the user a Web 2.0 shell for the victimized server. Great for demos! The shell is here.How do you use it?1. Upload it to the victim server (try it on a local Tomcat server!)2. Browse to it3. Pretend you’re on looking at xtermWhere does it work?- Works across platform- Works on Java 1.5+ (probably 1.4 too, but I haven’t tested)Why would you use it?- Browse around the system (as the web application system user)- Execute arbitrary system commands (it’s a shell, after all)- Show and alter session variables- Dump JNDI entriesHere are some screenshots of the shell in action. The first one shows simple directory browsing. Notice all those directory links are clickable! This makes for a weird Explorer-like interface.Download Quote Link to comment Share on other sites More sharing options...
hack_addicted.pt Posted January 20, 2011 Report Share Posted January 20, 2011 (edited) Edited January 20, 2011 by hack_addicted.pt Quote Link to comment Share on other sites More sharing options...
